
RSA Security Analytics ESA Alerts are no longer generated after upgrading

Issue

After upgrading the ESA appliance, ESA stops generating new alerts.

Rules still appear to be deployed and enabled.

Cause

The root cause has not been confirmed.


Workaround

Remove all of the deployed rules from ESA Services and ESA Rules.

For NetWitness 11.x and lower:

Navigate to Alerts > Configure > Rules, then re-add and re-deploy the required rules.

For NetWitness version 12.x, you can do this through the CCM:

Go to Configure > Policies > Content, select the policy, click Edit, and then click Next to reach the Define Policy page.
The right pane shows the rules deployed for this policy. Remove them by clicking the "x" button, and then click Save and Publish.
To add the rules back, return to the policy, click Edit, and on the Define Policy page select the rules in the left pane and click "+". Once the rules are added, Save and Publish the policy.
 


Product Details

NetWitness Product Set: NetWitness Logs & Network
NetWitness Product/Service Type: Correlation-Server (ESA), Content Policies
NetWitness Version/Condition: 11.x, 12.x
Platform: CentOS, AlmaLinux

